US20150358301A1 - Dynamic Configuration of Trusted Executed Environment Resources - Google Patents
Dynamic Configuration of Trusted Executed Environment Resources
- Publication number: US20150358301A1 (application US14/296,885)
- Authority: US (United States)
- Prior art keywords: key, tee, key update, computing device, stored
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS › G06—COMPUTING; CALCULATING OR COUNTING › G06F—ELECTRIC DIGITAL DATA PROCESSING › G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity › G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
- H—ELECTRICITY › H04—ELECTRIC COMMUNICATION TECHNIQUE › H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L63/00—Network architectures or network communication protocols for network security › H04L63/06—for supporting key management in a packet data network › H04L63/061—for key exchange, e.g. in peer-to-peer networks
- G—PHYSICS › G06—COMPUTING; CALCULATING OR COUNTING › G06F—ELECTRIC DIGITAL DATA PROCESSING › G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity › G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems › G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G—PHYSICS › G06—COMPUTING; CALCULATING OR COUNTING › G06F—ELECTRIC DIGITAL DATA PROCESSING › G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity › G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer › G06F21/71—to assure secure computing or processing of information › G06F21/74—operating in dual or compartmented mode, i.e. at least one secure mode
- H—ELECTRICITY › H04—ELECTRIC COMMUNICATION TECHNIQUE › H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L63/00—Network architectures or network communication protocols for network security › H04L63/04—for providing a confidential data exchange among entities communicating through data packet networks › H04L63/0428—wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- G—PHYSICS › G06—COMPUTING; CALCULATING OR COUNTING › G06F—ELECTRIC DIGITAL DATA PROCESSING › G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity › G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements › G06F2221/2149—Restricted operating environment
Definitions
- Embodiments of the present invention relate to security of electronic devices and application services.
- the Trusted Execution Environment is a secure portion of a processor of a mobile device that ensures that sensitive data is processed in a protected and trusted environment.
- the TEE may offer safe execution of trusted applications and end-to-end security of access to data, software and hardware resources.
- the TEE is part of the security framework of a mobile device.
- FIG. 1 shows a security framework 100 with the Rich Operating System (Rich OS) or Rich Execution Environment (REE) 102 , the TEE 104 and the Secure Element (SE) 106 .
- the Rich OS 102 executes applications available from third parties.
- the SE 106 includes software and tamper resistant hardware for high levels of security for proximity payment applications, electronic signatures and PIN numbers.
- the TEE 104 helps to control access rights and offers protection against software attacks that may originate from the Rich OS 102 environment.
- the TEE 104 provides the environment for high-definition (HD) video providers to keep their premium content secure so that it cannot be duplicated or shared.
- the configuration of hardware resources available for keys stored in the TEE 104 is static and hardcoded by the manufacturer. Any change to the TEE use of hardware resources for a key requires all the software of the TEE 104 to be flashed or overwritten. It is rather expensive to change the configuration of stored keys in order to add new use cases or modify old use cases for usage of the hardware resources.
- a mobile computing device may include a processor and a memory coupled to the processor and comprising computer readable program code embodied in the memory that when executed by the processor causes the processor to perform operations.
- the operations may include receiving a key update message comprising key update information from another computing device and authenticating the key update message for a key stored in a trusted execution environment (TEE) of the mobile computing device.
- the stored key may define a configuration used by the processor to control access to hardware resources of the mobile computing device in or from the TEE.
- the key update information may identify a hardware resource of the mobile computing device that is authorized to be used by a trusted application in the TEE.
- the operations may further include changing the configuration for the stored key in the TEE based upon the key update information responsive to a positive authentication. Access to the hardware resources may be changed for the stored key.
- the key update information may be first key update information and the hardware resource may be a first hardware resource authorized by the stored key to be used by the trusted application.
- the key update message may include second key update information corresponding to a second hardware resource of the mobile electronic device authorized by the stored key to be used by the trusted application different than the first hardware resource.
- the key update information may include a key update flag.
- the operations may include updating the configuration to grant or deny access to the hardware resource based on the key update flag.
- the key update message may be an over-the-air (OTA) message received by the mobile computing device from the other computing device.
- the operations may further include controlling access to the hardware resource by the trusted application based on changes to the configuration responsive to the key update information.
- the key update message may be an encrypted private key binary large object (key BLOB).
- the operations may further comprise decrypting the encrypted key BLOB using a private key of the stored key in the TEE and updating the configuration of the stored key defining access to the hardware resource for the trusted application in the TEE based on the key update information.
- the stored key may be stored using a key binary large object (key BLOB).
- the operations may include updating the configuration only for the stored key.
- the stored key may be one of a plurality of stored keys in the TEE.
- a method may include receiving, by a mobile computing device, a key update message comprising key update information from another computing device and authenticating the key update message for a key stored in a trusted execution environment (TEE) of the mobile computing device.
- the stored key may define a configuration used by the processor to control access to hardware resources of the mobile computing device in or from the TEE.
- the key update information may identify a hardware resource of the mobile computing device that is authorized to be used by a trusted application in the TEE.
- the method may further include changing the configuration for the stored key in the TEE based upon the key update information responsive to a positive authentication. Access to the hardware resources may be changed for the stored key.
- the key update information may be first key update information and the hardware resource may be a first hardware resource authorized by the stored key to be used by the trusted application.
- the key update message may include second key update information corresponding to a second hardware resource of the mobile electronic device authorized by the stored key to be used by the trusted application different than the first hardware resource.
- the key update information may include a key update flag.
- the method may include updating the configuration to grant or deny access to the hardware resource based on the key update flag.
- the key update message may be an over-the-air (OTA) message received by the mobile computing device from the other computing device.
- the method may further include controlling access to the hardware resource by the trusted application based on changes to the configuration responsive to the key update information.
- the key update message may be an encrypted private key binary large object (key BLOB).
- the method may include decrypting the encrypted key BLOB using a private key of the stored key in the TEE and updating the configuration of the stored key defining access to the hardware resource for the trusted application in the TEE based on the key update information.
- the stored key may be stored using a key binary large object (key BLOB).
- the configuration may be updated only for the stored key.
- the stored key may be one of a plurality of stored keys in the TEE.
- a computing device may include a processor and a memory coupled to the processor and comprising computer readable program code embodied in the memory that when executed by the processor causes the processor to perform operations.
- the operations may include generating a key update message comprising key update information that corresponds to a key stored in a trusted execution environment (TEE) of a mobile computing device.
- the key update information may be used by the mobile computing device to reconfigure a TEE hardware configuration used by the processor to control access to hardware resources of the mobile computing device from the TEE.
- the operations may also include encrypting the key update message for the stored key and sending the key update message to the mobile computing device.
- the key update information may identify a hardware resource of the mobile computing device that is authorized to be used by a trusted application in the TEE.
- the key update information may include a key update flag to cause the processor to update the configuration to grant or deny access to the hardware resource by the trusted application based on the key update flag.
- the key update message is an over-the-air (OTA) message comprising an encrypted key binary large object (key BLOB), and the key update message is sent to the TEE and addressed only to the stored key in the TEE, which is one stored key among a plurality of stored keys.
- FIG. 1 illustrates a security framework of a mobile device.
- FIG. 2 is a schematic block diagram of a computing device, according to various embodiments.
- FIG. 3 illustrates updating a TEE hardware configuration, according to various embodiments.
- FIG. 4 is a flowchart illustrating a process for updating a TEE hardware configuration, according to various embodiments.
- FIG. 5 is a diagram of an update message, according to various embodiments.
- FIG. 6 is a diagram of key update flags corresponding to hardware resources in a configuration of a TEE, according to various embodiments.
- FIG. 7 is a flowchart illustrating another process for updating a TEE hardware configuration, according to various embodiments.
- the term “comprising” or “comprises” is open-ended, and includes one or more stated features, integers, elements, steps, components or functions but does not preclude the presence or addition of one or more other features, integers, elements, steps, components, functions or groups thereof.
- the term “and/or” includes any and all combinations of one or more of the associated listed items.
- the common abbreviation “e.g.”, which derives from the Latin phrase “exempli gratia,” may be used to introduce or specify a general example or examples of a previously mentioned item, and is not intended to be limiting of such item.
- the common abbreviation “i.e.”, which derives from the Latin phrase “id est,” may be used to specify a particular item from a more general recitation.
- when an element is referred to as being “coupled” or “connected” to another element, it can be directly coupled or connected to the other element or intervening elements may also be present. In contrast, when an element is referred to as being “directly coupled” or “directly connected” to another element, there are no intervening elements present. Furthermore, “coupled” or “connected” as used herein may include wirelessly coupled or connected.
- Embodiments described herein provide for a redesign of TEE key management to better handle hardware configuration changes for keys stored in the TEE.
- Such keys may use key binding.
- the TEE of the mobile device may be configured so that it can change the hardware configuration for a key stored in the TEE based on key update information received in a key update message.
- a key update message may include, for example, an over-the-air (OTA) message for signed configuration of TEE hardware.
- Key update information may include one or more key update flags that correspond to hardware resources made available in or by the TEE.
- a key binary large object may be installed on a mobile device to define hardware usage for a key stored in the TEE of the mobile device.
- a key BLOB may normally include an encrypted key, public data and a Hash-based Message Authentication Code (HMAC).
- the encrypted key may be a private key encrypted with a key only available in the TEE.
- Public data may include digital certificates.
- HMAC may be used for the entire (or almost the entire) key BLOB with a key only available in the TEE.
- signed key BLOBs installed on the phone may be extended to be configurable for TEE hardware usage.
- a key BLOB may additionally include a TEE configuration defining how TEE hardware should be configured for the stored key.
- HD content providers employ digital rights management (DRM) to protect their content from being freely distributed by a device.
- the mobile device may include a private key that can only be accessed by a specific TEE application. This private key cannot be exported outside the TEE and data encrypted with the private key may be passed to a secure video output path in the TEE. This protects the video content from being poached from a video path in the device.
- This key update message may be an OTA message or may be included in an OTA message.
- the key update message may change the TEE hardware configuration of a stored key in the TEE of the mobile device because the TEE of the mobile device may now be configured to allow such secure changes.
- FIG. 2 is a schematic block diagram of a computing device that includes software and/or hardware for management of TEE hardware configurations, according to various embodiments.
- Computing device 200 may be a mobile computing device or a mobile communication terminal but is not limited to such devices.
- Device 200 may communicate with a cellular network, wide area network, wireless local area network, the internet or other devices using a communication protocol.
- the communication protocol may include IEEE 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac, and/or other wireless local area network protocols.
- device 200 includes various components, such as a communication interface 216 for connecting to the internet or other devices through a wireline or wireless network.
- the communication interface 216 may also include an antenna system 214 and a cellular and/or Wi-Fi transceiver 212 (e.g., multi-band).
- Device 200 may include a processor 210 , a memory 220 and multiple hardware resources, such as display 260 , video output 270 (e.g., HDMI port), camera 280 and/or sensor 290 .
- the display 260 may include a touch sensitive display or screen, or the like.
- the memory 220 stores software that may be executed by the processor 210 , and may include one or more erasable programmable read-only memories (EPROM or Flash EPROM), battery backed random access memory (RAM), magnetic, optical, or other digital storage device, and may be separate from, or at least partially within, the processor 210 .
- the processor 210 may include more than one processor, such as, for example, a general purpose processor and a digital signal processor, which may be enclosed in a common package or separate and apart from one another.
- the processor 210 may be configured to control various functions of the device 200 , including receiving input from a touch sensitive screen or other sensors.
- Device 200 may communicate with a base station of a network using radio frequency signals, which may be communicated through antenna system 214 .
- device 200 may be configured to communicate via the cellular transceiver 212 using one or more cellular communication protocols such as, for example, Advanced Mobile Phone Service (AMPS), ANSI-136, Global Standard for Mobile (GSM) communication, General Packet Radio Service (GPRS), enhanced data rates for GSM evolution (EDGE), code division multiple access (CDMA), wideband-CDMA, CDMA2000, and/or Universal Mobile Telecommunications System (UMTS), among others.
- Communication protocols as used herein may specify the information communicated, the timing, the frequency, the modulation, and/or the operations for setting up and/or maintaining a communication connection.
- the present invention is not limited to the particular configurations shown in FIG. 2 , but is intended to encompass any configuration capable of carrying out operations described herein. While particular functionalities are shown in particular blocks by way of illustration, functionalities of different blocks and/or portions thereof may be combined, divided, and/or eliminated. Moreover, the functionality of the hardware/software architecture may be implemented as a single processor system or a multi-processor system in accordance with various embodiments of the present invention.
- Embodiments of the present invention may include methods, electronic devices, and/or computer program products. Some embodiments of the present invention are described with reference to block diagrams and/or operational illustrations of methods and electronic devices.
- each block may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It is to be understood that each block of the block diagrams and/or operational illustrations, and combinations of blocks in the block diagrams and/or operational illustrations can be embodied on analog circuitry and/or digital circuitry.
- controller circuit may include one or more general purpose processors, special purpose processors, ASICs, and/or other programmable data processing apparatus, such that the instructions, which execute via the controller, create means for implementing the functions/acts specified in the block diagrams and/or operational block or blocks.
- the functions/acts noted in the blocks may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
- These computer program instructions may also be stored in a computer-usable or computer-readable memory that may direct a controller circuit to function in a particular manner, such that the instructions stored in the computer usable or computer-readable memory produce an article of manufacture including instructions that implement the function specified in the flowchart and/or block diagram block or blocks.
- the computer-usable or computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, or semiconductor system, apparatus, or device.
- the computer-readable medium includes the following: hard disk devices, optical storage devices, magnetic storage devices, random access memory (RAM) devices, read-only memory (ROM) devices, erasable programmable read-only memory (EPROM or Flash memory) devices, and compact disc read-only memory (CD-ROM).
- FIG. 2 shows TEE 230 , which may be part of the security framework of device 200 .
- TEE 230 may be used for handling storage of sensitive data and execution of trusted applications.
- TEE 230 provides access of the data and hardware resources to trusted applications based on a TEE configuration stored and/or managed by TEE configuration manager 240 .
- FIG. 2 is used for explanatory purposes; in some embodiments, TEE Configuration Manager 240 may be located in TEE 230 , and TEE 230 and TEE Configuration Manager 240 may be located in processor 210 or in another processor or chipset.
- TEE 230 may be separated by hardware from the operating system.
- TEE 230 may store keys that provide access to resources and may be used to authenticate operations of a trusted application or messages intended for the trusted application. Such messages may be received from a cloud server.
- FIG. 3 shows a key update message, which is or is included in an over-the-air (OTA) message 302 from key update server 320 to mobile computing device 200 .
- FIGS. 3 , 5 and 6 will be described with reference to flowchart 400 in FIG. 4 and flowchart 700 in FIG. 7 .
- FIG. 4 may represent operations from a viewpoint of a mobile computing device, such as device 200 .
- FIG. 7 may represent operations from a viewpoint of key update server 320 .
- key update server 320 may include a memory, processor and communication interface, such as shown by the memory 220 , processor 210 and communication interface 216 of device 200 in FIG. 2 .
- Key update server 320 may be a server or application server in the cloud or a server of a cloud based service.
- the key update message may include key update information, such as a key update flag, that corresponds to a key stored in TEE 230 of device 200 .
- the key update information is used by device 200 to reconfigure or change a configuration used by the processor to control access to hardware resources of device 200 from or in TEE 230 .
- the configuration may include trusted application identifiers, hardware resource identifiers and whether the hardware resource is granted or denied for the trusted application.
- the key update flags may have corresponding profiles stored in TEE 230 of device 200 to assist in the dynamic configuration of the keys in TEE 230 of device 200 .
- Flags are used in this example but other types of information such as codes, numbers, strings or other abbreviated forms of information may be used.
- the key update message is encrypted for a stored key on device 200 (block 704 ). This encryption may involve private keys available only in the TEE of certain mobile devices.
- the key update message is then sent to device 200 (block 706 ). Passing the key update message from the key update server 320 to device 200 may include known security measures for encryption, decryption and authentication of the key update messages by device 200 .
- the key update message may be sent to TEE 230 of device 200 . In some cases, the key update message may be addressed only to the stored key and the stored key may be one of a plurality of stored keys.
- FIG. 5 shows an example key update message, according to some embodiments.
- the key update message is an OTA message 510 .
- the OTA message 510 includes key flags, flag 512 and flag 514 . These key update flags correspond to hardware resources in TEE 230 of device 200 .
- FIG. 6 is a diagram of key update flags corresponding to hardware resources in a configuration of a TEE, according to various embodiments.
- flag 1 512 corresponds to hardware resource 602 , and flag 2 514 corresponds to hardware resource 2 604 .
- the key update message is received from a computing device, such as key update server 320 , at block 402 of FIG. 4 .
- the key update message is authenticated for the stored key in TEE 230 of a mobile computing device, such as device 200 .
- the stored key defines a configuration for access to hardware resources of device 200 from TEE 230 or within TEE 230 .
- the encrypted key BLOB may be decrypted using a private key of the stored key in TEE 230 .
- the configuration of the stored key defining how the processor can control access to the hardware resource for the trusted application in TEE 230 may then be updated based on the key update information.
- the TEE hardware configuration is changed or reconfigured based on the key update flags (block 406 ).
- Positive authentication may include a successful match of signed public and/or private certificates or any other successful verification using common methods to securely authenticate messages.
- the TEE hardware configuration may include allowing or denying access to certain resources. The access to the hardware resources is changed for the stored key. This is made possible by the addition of a TEE configuration in the stored key and TEE Configuration Manager 240 which operates to change the TEE configuration of the stored key in response to instructions in a key update message or key update information that may include key update flags.
- only the stored key is updated and other stored keys are not updated or changed.
- the key update message may be directed only to a single trusted application in TEE 230 or a subset of trusted applications in TEE 230 . Access to only a single hardware resource or a subset of hardware resources may change.
- a trusted application in TEE 230 may have multiple stored keys and only one of those or all of those stored keys for a trusted application in TEE 230 may have a configuration change based on the key update message.
- HD content may require a secure video path in the TEE from the content source to a video display.
- the TEE hardware configuration for the key for such HD content may allow access to a display, such as display 260 , but deny access to video output 270 or any other applications.
- the HD video content should now be provided to another application installed on device 200 that provides a private key.
- the other application cannot receive the HD video content even if it has the private key because the TEE hardware configuration of the stored key in TEE 230 does not allow it.
- a key update message may be sent to TEE 230 to change the hardware configuration for the private key to allow the export of the HD video content to the specific application, which may be authenticated with the private key. This allows content owners to change their secure hardware capabilities for existing mobile device owners rather than only for owners of newly purchased mobile devices.
- SD content may have a private key that is accessed only by a specific TEE application on device 200 , and the private key cannot be exported outside TEE 230 .
- SD content encrypted with this private key may be allowed to pass on to the normal operating system outside the secure space. Access to video output 270 is denied. However, due to a licensing change, access to video output 270 should be made available.
- a key update message may be sent to device 200 .
- TEE Configuration Manager 240 of TEE 230 of device 200 receives the key update message and identifies key update flags in the key update information. Based on a key update flag of the key update message, TEE Configuration Manager 240 changes the TEE hardware configuration of the stored key corresponding to the key update message such that access to video output 270 is made available for the stored key in TEE 230 .
- changes can also be made to TEE software related to a stored key.
- an Application Authentication Identifier may be used by an application in TEE 230 or originating from TEE 230 . This may include a private key that can only be accessed by a specific TEE application. However, a key update message may be used to change the software configuration of the stored key in TEE 230 so that the private key can be exported outside TEE 230 .
- other configuration examples may include enabling, disabling or controlling a quality of service (QoS) provided for communications with an application or hardware.
- key BLOBs of a TEE may be OTA updated so that new software does not need to be pushed to mobile devices each time the use case of a stored TEE key is supposed to change.
- for the owner of premium content or DRM-protected content who may wish to make secure hardware changes for the premium content, it may be more useful to provide this flexibility independent of the mobile device manufacturers and mobile device software update teams.
- while the mobile device manufacturers ensure the security of all applications on the mobile device, content owners may be afforded the opportunity to change how their content is protected.
Description
- Embodiments of the present invention relate to security of electronic devices and application services.
- The Trusted Execution Environment (TEE) is a secure portion of a processor of a mobile device that ensures that sensitive data is processed in a protected and trusted environment. The TEE may offer safe execution of trusted applications and end-to-end security of access to data, software and hardware resources. The TEE is part of the security framework of a mobile device.
- FIG. 1 shows a security framework 100 with the Rich Operating System (Rich OS) or Rich Execution Environment (REE) 102, the TEE 104 and the Secure Element (SE) 106. The Rich OS 102 executes applications available from third parties. The SE 106 includes software and tamper resistant hardware for high levels of security for proximity payment applications, electronic signatures and PIN numbers.
- The TEE 104 helps to control access rights and offers protection against software attacks that may originate from the Rich OS 102 environment. For example, the TEE 104 provides the environment for high-definition (HD) video providers to keep their premium content secure so that it cannot be duplicated or shared.
- However, the configuration of hardware resources available for keys stored in the TEE 104 is static and hardcoded by the manufacturer. Any change to the TEE use of hardware resources for a key requires all the software of the TEE 104 to be flashed or overwritten. It is rather expensive to change the configuration of stored keys in order to add new use cases or modify old use cases for usage of the hardware resources.
- Various embodiments described herein provide for a redesign of key management to better handle TEE hardware configuration. According to some embodiments, a mobile computing device may include a processor and a memory coupled to the processor and comprising computer readable program code embodied in the memory that when executed by the processor causes the processor to perform operations. The operations may include receiving a key update message comprising key update information from another computing device and authenticating the key update message for a key stored in a trusted execution environment (TEE) of the mobile computing device. The stored key may define a configuration used by the processor to control access to hardware resources of the mobile computing device in or from the TEE. The key update information may identify a hardware resource of the mobile computing device that is authorized to be used by a trusted application in the TEE. The operations may further include changing the configuration for the stored key in the TEE based upon the key update information responsive to a positive authentication. Access to the hardware resources may be changed for the stored key.
- According to some embodiments, the key update information may be first key update information and the hardware resource may be a first hardware resource authorized by the stored key to be used by the trusted application. The key update message may include second key update information corresponding to a second hardware resource of the mobile electronic device authorized by the stored key to be used by the trusted application different than the first hardware resource.
- According to some embodiments, the key update information may include a key update flag, and the operations may include updating the configuration to grant or deny access to the hardware resource based on the key update flag.
- According to some embodiments, the key update message may be an over-the-air (OTA) message received by the mobile computing device from the other computing device. The operations may further include controlling access to the hardware resource by the trusted application based on changes to the configuration responsive to the key update information.
- According to some embodiments, the key update message may be an encrypted private key binary large object (key BLOB). The operations may further comprise decrypting the encrypted key BLOB using a private key of the stored key in the TEE and updating the configuration of the stored key defining access to the hardware resource for the trusted application in the TEE based on the key update information. The stored key may be stored using a key binary large object (key BLOB).
- According to some embodiments, the operations may include updating the configuration only for the stored key. The stored key may be one of a plurality of stored keys in the TEE.
- According to some embodiments, a method may include receiving, by a mobile computing device, a key update message comprising key update information from another computing device and authenticating the key update message for a key stored in a trusted execution environment (TEE) of the mobile computing device. The stored key may define a configuration used by the processor to control access to hardware resources of the mobile computing device in or from the TEE. The key update information may identify a hardware resource of the mobile computing device that is authorized to be used by a trusted application in the TEE. The method may further include changing the configuration for the stored key in the TEE based upon the key update information responsive to a positive authentication. Access to the hardware resources may be changed for the stored key.
- According to some embodiments, the key update information may be first key update information and the hardware resource may be a first hardware resource authorized by the stored key to be used by the trusted application. The key update message may include second key update information corresponding to a second hardware resource of the mobile electronic device authorized by the stored key to be used by the trusted application different than the first hardware resource.
- According to some embodiments, the key update information may include a key update flag, and the method may include updating the configuration to grant or deny access to the hardware resource based on the key update flag.
- According to some embodiments, the key update message may be an over-the-air (OTA) message received by the mobile computing device from the other computing device. The method may further include controlling access to the hardware resource by the trusted application based on changes to the configuration responsive to the key update information.
- According to some embodiments, the key update message may be an encrypted private key binary large object (key BLOB). The method may include decrypting the encrypted key BLOB using a private key of the stored key in the TEE and updating the configuration of the stored key defining access to the hardware resource for the trusted application in the TEE based on the key update information. The stored key may be stored using a key binary large object (key BLOB).
- According to some embodiments, the configuration may be updated only for the stored key. The stored key may be one of a plurality of stored keys in the TEE.
- According to some embodiments, a computing device may include a processor and a memory coupled to the processor and comprising computer readable program code embodied in the memory that when executed by the processor causes the processor to perform operations. The operations may include generating a key update message comprising key update information that corresponds to a key stored in a trusted execution environment (TEE) of a mobile computing device. The key update information may be used by the mobile computing device to reconfigure a TEE hardware configuration used by the processor to control access to hardware resources of the mobile computing device from the TEE. The operations may also include encrypting the key update message for the stored key and sending the key update message to the mobile computing device. The key update information may identify a hardware resource of the mobile computing device that is authorized to be used by a trusted application in the TEE.
- According to some embodiments, the key update information may include a key update flag to cause the processor to update the configuration to grant or deny access to the hardware resource by the trusted application based on the key update flag.
- According to some embodiments, the key update message is an over-the-air (OTA) message comprising an encrypted key binary large object (key BLOB), and the key update message is sent to the TEE and addressed only to the stored key in the TEE, which is one stored key among a plurality of stored keys.
- Other devices, methods, and/or computer program products according to embodiments of the invention will be or become apparent to one with skill in the art upon review of the following drawings and detailed description. It is intended that all such additional devices, methods, and/or computer program products be included within this description, be within the scope of the present invention, and be protected by the accompanying claims. Moreover, it is intended that all embodiments disclosed herein can be implemented separately or combined in any way and/or combination.
- The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate certain embodiment(s) of the invention.
- FIG. 1 illustrates a security framework of a mobile device.
- FIG. 2 is a schematic block diagram of a computing device, according to various embodiments.
- FIG. 3 illustrates updating a TEE hardware configuration, according to various embodiments.
- FIG. 4 is a flowchart illustrating a process for updating a TEE hardware configuration, according to various embodiments.
- FIG. 5 is a diagram of an update message, according to various embodiments.
- FIG. 6 is a diagram of key update flags corresponding to hardware resources in a configuration of a TEE, according to various embodiments.
- FIG. 7 is a flowchart illustrating another process for updating a TEE hardware configuration, according to various embodiments.
- The present invention now will be described more fully with reference to the accompanying drawings, in which embodiments of the invention are shown. However, this invention should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Like numbers refer to like elements throughout.
- As used herein, the term “comprising” or “comprises” is open-ended, and includes one or more stated features, integers, elements, steps, components or functions but does not preclude the presence or addition of one or more other features, integers, elements, steps, components, functions or groups thereof. As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed items. Furthermore, as used herein, the common abbreviation “e.g.”, which derives from the Latin phrase “exempli gratia,” may be used to introduce or specify a general example or examples of a previously mentioned item, and is not intended to be limiting of such item. If used herein, the common abbreviation “i.e.”, which derives from the Latin phrase “id est,” may be used to specify a particular item from a more general recitation.
- The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise.
- Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of this disclosure and the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
- It will be understood that when an element is referred to as being “coupled” or “connected” to another element, it can be directly coupled or connected to the other element or intervening elements may also be present. In contrast, when an element is referred to as being “directly coupled” or “directly connected” to another element, there are no intervening elements present. Furthermore, “coupled” or “connected” as used herein may include wirelessly coupled or connected.
- Embodiments described herein provide for a redesign of TEE key management to better handle hardware configuration changes for keys stored in the TEE. Such keys may use key binding. The TEE of the mobile device may be configured so that it can change the hardware configuration for a key stored in the TEE based on key update information received in a key update message. Such a message may include, for example, an over-the-air (OTA) message for signed configuration of TEE hardware. Key update information may include one or more key update flags that correspond to hardware resources made available in or by the TEE.
- A key binary large object (key BLOB) may be installed on a mobile device to define hardware usage for a key stored in the TEE of the mobile device. A key BLOB may normally include an encrypted key, public data and a Hash-based Message Authentication Code (HMAC). The encrypted key may be a private key encrypted with a key only available in the TEE. Public data may include digital certificates. HMAC may be used for the entire (or almost the entire) key BLOB with a key only available in the TEE.
- According to some embodiments, signed key BLOBs installed on the phone may be extended to be configurable for TEE hardware usage. A key BLOB may additionally include a TEE configuration defining how TEE hardware should be configured for the stored key. For example, HD content providers employ digital rights management (DRM) to protect their content from being freely distributed by a device. In such a case, the mobile device may include a private key that can only be accessed by a specific TEE application. This private key cannot be exported outside the TEE and data encrypted with the private key may be passed to a secure video output path in the TEE. This protects the video content from being poached from a video path in the device. However, if the content owner wishes to change the use of hardware resources for a given key, perhaps as a result of a contract change or a licensing deal, the content owner can change the hardware configuration for a key with a key update message to the TEE of the mobile device. This key update message may be an OTA message or may be included in an OTA message.
- According to some embodiments, the key update message may change the TEE hardware configuration of a stored key in the TEE of the mobile device because the TEE of the mobile device may now be configured to allow such secure changes. For example, FIG. 2 is a schematic block diagram of a computing device that includes software and/or hardware for management of TEE hardware configurations, according to various embodiments. Computing device 200 may be a mobile computing device or a mobile communication terminal but is not limited to such devices. Device 200 may communicate with a cellular network, wide area network, wireless local area network, the internet or other devices using a communication protocol. For example, the communication protocol may include IEEE 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac, and/or other wireless local area network protocols.
- In some embodiments, device 200 includes various components, such as a communication interface 216 for connecting to the internet or other devices through a wireline or wireless network. The communication interface 216 may also include an antenna system 214 and a cellular and/or Wi-Fi transceiver 212 (e.g., multi-band). Device 200 may include a processor 210, a memory 220 and multiple hardware resources, such as display 260, video output 270 (e.g., HDMI port), camera 280 and/or sensor 290. Some embodiments provide that the display 260 may include a touch sensitive display or screen, or the like.
- The memory 220 stores software that may be executed by the processor 210, and may include one or more erasable programmable read-only memories (EPROM or Flash EPROM), battery backed random access memory (RAM), magnetic, optical, or other digital storage device, and may be separate from, or at least partially within, the processor 210. The processor 210 may include more than one processor, such as, for example, a general purpose processor and a digital signal processor, which may be enclosed in a common package or separate and apart from one another. In particular, the processor 210 may be configured to control various functions of the device 200, including receiving input from a touch sensitive screen or other sensors.
- Device 200 may communicate with a base station of a network using radio frequency signals, which may be communicated through antenna system 214. For example, device 200 may be configured to communicate via the cellular transceiver 212 using one or more cellular communication protocols such as, for example, Advanced Mobile Phone Service (AMPS), ANSI-136, Global Standard for Mobile (GSM) communication, General Packet Radio Service (GPRS), enhanced data rates for GSM evolution (EDGE), code division multiple access (CDMA), wideband-CDMA, CDMA2000, and/or Universal Mobile Telecommunications System (UMTS), among others. Communication protocols as used herein may specify the information communicated, the timing, the frequency, the modulation, and/or the operations for setting-up and/or maintaining a communication connection. In some embodiments, the antenna system 346 may be a single antenna.
- It is to be understood that the present invention is not limited to the particular configurations shown in FIG. 2, but is intended to encompass any configuration capable of carrying out operations described herein. While particular functionalities are shown in particular blocks by way of illustration, functionalities of different blocks and/or portions thereof may be combined, divided, and/or eliminated. Moreover, the functionality of the hardware/software architecture may be implemented as a single processor system or a multi-processor system in accordance with various embodiments of the present invention.
- Embodiments of the present invention may include methods, electronic devices, and/or computer program products. Some embodiments of the present invention are described with reference to block diagrams and/or operational illustrations of methods and electronic devices. In this regard, each block may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It is to be understood that each block of the block diagrams and/or operational illustrations, and combinations of blocks in the block diagrams and/or operational illustrations can be embodied on analog circuitry and/or digital circuitry. These program instructions may be provided to a controller circuit, which may include one or more general purpose processors, special purpose processors, ASICs, and/or other programmable data processing apparatus, such that the instructions, which execute via the controller, create means for implementing the functions/acts specified in the block diagrams and/or operational block or blocks. In some alternate implementations, the functions/acts noted in the blocks may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
- These computer program instructions may also be stored in a computer-usable or computer-readable memory that may direct a controller circuit to function in a particular manner, such that the instructions stored in the computer usable or computer-readable memory produce an article of manufacture including instructions that implement the function specified in the flowchart and/or block diagram block or blocks. The computer-usable or computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, or semiconductor system, apparatus, or device. More specific examples (a nonexhaustive list) of the computer-readable medium include the following: hard disk devices, optical storage devices, magnetic storage devices, random access memory (RAM) devices, read-only memory (ROM) devices, erasable programmable read-only memory (EPROM or Flash memory) devices, and compact disc read-only memory (CD-ROM).
- FIG. 2 shows TEE 230, which may be part of the security framework of device 200. TEE 230 may be used for handling storage of sensitive data and execution of trusted applications. TEE 230 provides access to the data and hardware resources for trusted applications based on a TEE configuration stored and/or managed by TEE Configuration Manager 240. FIG. 2 is used for explanatory purposes; in some embodiments, TEE Configuration Manager 240 may be located in TEE 230, and TEE 230 and TEE Configuration Manager 240 may be located in processor 210 or in another processor or chipset. TEE 230 may be separated by hardware from the operating system.
- TEE 230 may store keys that provide access to resources and may be used to authenticate operations of a trusted application or messages intended for the trusted application. Such messages may be received from a cloud server. For example, FIG. 3 shows a key update message, which is or is included in an over-the-air (OTA) message 302 from key update server 320 to mobile computing device 200.
- According to some embodiments, FIGS. 3, 5 and 6 will be described with reference to flowchart 400 in FIG. 4 and flowchart 700 in FIG. 7. FIG. 4 may represent operations from the viewpoint of a mobile computing device, such as device 200, while FIG. 7 may represent operations from the viewpoint of key update server 320. In some embodiments, key update server 320 may include a memory, processor and communication interface, such as shown by the memory 220, processor 210 and communication interface 216 of device 200 in FIG. 2. Key update server 320 may be a server or application server in the cloud or a server of a cloud based service.
- At block 702, a key update message is generated. The key update message may include key update information, such as a key update flag, that corresponds to a key stored in TEE 230 of device 200. The key update information is used by device 200 to reconfigure or change a configuration used by the processor to control access to hardware resources of device 200 from or in TEE 230. The configuration may include trusted application identifiers, hardware resource identifiers and whether the hardware resource is granted or denied for the trusted application. There may be more than one key update flag that is used to toggle on or off certain hardware capabilities. A combination of flags may provide for a specific configuration or capability. Certain profiles of flags and hardware resource configurations may be stored by key update server 320. These profiles may have corresponding profiles stored in TEE 230 of device 200 to assist in the dynamic configuration of the keys in TEE 230 of device 200. Flags are used in this example, but other types of information such as codes, numbers, strings or other abbreviated forms of information may be used.
- The key update message is encrypted for a stored key on device 200 (block 704). This encryption may involve private keys available only in the TEE of certain mobile devices. The key update message is then sent to device 200 (block 706). Passing the key update message from the key update server 320 to device 200 may include known security measures for encryption, decryption and authentication of the key update messages by device 200. The key update message may be sent to TEE 230 of device 200. In some cases, the key update message may be addressed only to the stored key, and the stored key may be one of a plurality of stored keys.
- FIG. 5 shows an example key update message, according to some embodiments. In this example, the key update message is an OTA message 510. The OTA message 510 includes key flags, flag 512 and flag 514. These key update flags correspond to hardware resources in TEE 230 of device 200. For example, FIG. 6 is a diagram of key update flags corresponding to hardware resources in a configuration of a TEE, according to various embodiments. In FIG. 6, flag 1 (512) corresponds to hardware resource 602 and flag 2 (514) corresponds to hardware resource 2 (604).
- The key update message is received from a computing device, such as key update server 320, at block 402 of FIG. 4. At block 404, the key update message is authenticated for the stored key in TEE 230 of a mobile computing device, such as device 200. The stored key defines a configuration for access to hardware resources of device 200 from TEE 230 or within TEE 230.
- According to some embodiments, the encrypted key BLOB may be decrypted using a private key of the stored key in TEE 230. The configuration of the stored key, which defines how the processor can control access to the hardware resource for the trusted application in TEE 230, may then be updated based on the key update information.
- Following a positive authentication of the key update message, the TEE hardware configuration is changed or reconfigured based on the key update flags (block 406). Positive authentication may include a successful match of signed public and/or private certificates or any other successful verification using common methods to securely authenticate messages. The TEE hardware configuration may include allowing or denying access to certain resources. The access to the hardware resources is changed for the stored key. This is made possible by the addition of a TEE configuration in the stored key and of TEE Configuration Manager 240, which operates to change the TEE configuration of the stored key in response to instructions in a key update message or key update information that may include key update flags.
- According to some embodiments, only the stored key is updated and other stored keys are not updated or changed. The key update message may be directed only to a single trusted application in TEE 230 or a subset of trusted applications in TEE 230. Access to only a single hardware resource or a subset of hardware resources may change. In some cases, a trusted application in TEE 230 may have multiple stored keys, and only one of those or all of those stored keys for a trusted application in TEE 230 may have a configuration change based on the key update message.
- In an example, HD content may require a secure video path in the TEE from the content source to a video display. The TEE hardware configuration for the key for such HD content may allow access to a display, such as display 260, but deny access to video output 270 or any other applications. However, due to an agreement reached between the content owner and another party, the HD video content should now be provided to another application installed on device 200 that provides a private key. Currently, the other application cannot receive the HD video content even if it has the private key, because the TEE hardware configuration of the stored key in TEE 230 does not allow it. A key update message may be sent to TEE 230 to change the hardware configuration for the private key to allow the export of the HD video content to the specific application, which may be authenticated with the private key. This allows content owners to change their secure hardware capabilities for existing mobile device owners rather than only for owners of newly purchased mobile devices.
- In another example, SD content may have a private key that is accessed only by a specific TEE application on device 200, and the private key cannot be exported outside TEE 230. SD content encrypted with this private key may be allowed to pass on to the normal operating system outside the secure space. Access to video output 270 is denied. However, due to a licensing change, access to video output 270 should be made available. A key update message may be sent to device 200. TEE Configuration Manager 240 of TEE 230 of device 200 receives the key update message and identifies key update flags in the key update information. Based on a key update flag of the key update message, TEE Configuration Manager 240 changes the TEE hardware configuration of the stored key corresponding to the key update message such that access to video output 270 is made available for the stored key in TEE 230.
- Although reference to hardware configuration changes is made in certain examples, changes can also be made to TEE software related to a stored key. In a further example, an Application Authentication Identifier may be used by an application in TEE 230 or originating from TEE 230. This may include a private key that can only be accessed by a specific TEE application. However, a key update message may be used to change the software configuration of the stored key in TEE 230 so that the private key can be exported outside TEE 230.
- In some embodiments, other configuration examples may include enabling, disabling or controlling a quality of service (QoS) provided for communications with an application or hardware.
- According to some embodiments, key BLOBs of a TEE may be OTA updated so that new software does not need to be pushed to mobile devices each time the use case of a stored TEE key is supposed to change. As it is the owner of premium content or DRM protected content that may wish to make secure hardware changes for the premium content, it may be more useful to provide this flexibility independent of the mobile device manufacturers and mobile device software update teams. Although the mobile device manufacturers ensure the security of all applications on the mobile device, content owners may be afforded the opportunity to change how their content is protected.
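The following Python is an added worked example for the two mechanisms described above: the key BLOB layout (encrypted key, public data and HMAC, extended with a TEE configuration) and the flag-driven update at blocks 402 to 406, where the message is authenticated first and only the addressed key's configuration changes. It is written for this page and is not code from the patent, from the applicant or from any TEE vendor. It assumes a constructed TEE-only HMAC key standing in for the key "only available in the TEE", a constructed per-key secret used to authenticate key update messages (a simplification of the patent's decryption of the encrypted key BLOB with the stored key's private key), and a four-resource flag map (display, video output, camera, sensor) modelled on FIG. 6. The names RESOURCES, TEE_BLOB_KEY, KeyBlob, KeyUpdateMessage, sign_update and TEEConfigurationManager are hypothetical.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Hardware resources a TEE configuration may grant or deny, each paired with a
# key update flag bit, modelled on FIG. 6 (flag 1 -> resource 1, flag 2 -> resource 2).
# Hypothetical names constructed for this example.
RESOURCES = {"display": 1 << 0, "video_output": 1 << 1, "camera": 1 << 2, "sensor": 1 << 3}

# Constructed stand-in for the key "only available in the TEE" that protects key BLOBs.
TEE_BLOB_KEY = b"constructed-tee-only-blob-protection-key"


def _mac(secret: bytes, data: bytes) -> bytes:
    return hmac.new(secret, data, hashlib.sha256).digest()


@dataclass
class KeyBlob:
    """Key BLOB: encrypted private key, public data, TEE configuration, HMAC."""
    key_id: str
    encrypted_key: bytes                             # opaque here; TEE-encrypted private key
    public_data: bytes                               # e.g. a digital certificate
    tee_config: dict = field(default_factory=dict)   # resource name -> access granted?
    mac: bytes = b""

    def body(self) -> bytes:
        # Canonical bytes covered by the HMAC: everything except the MAC itself.
        return json.dumps({"key_id": self.key_id,
                           "encrypted_key": self.encrypted_key.hex(),
                           "public_data": self.public_data.hex(),
                           "tee_config": self.tee_config}, sort_keys=True).encode()

    def seal(self) -> "KeyBlob":
        self.mac = _mac(TEE_BLOB_KEY, self.body())
        return self

    def verify(self) -> bool:
        return hmac.compare_digest(_mac(TEE_BLOB_KEY, self.body()), self.mac)


@dataclass
class KeyUpdateMessage:
    """OTA key update message addressed to one stored key (FIG. 5 style)."""
    key_id: str
    grant_flags: int   # set bits: grant the matching resource
    deny_flags: int    # set bits: deny the matching resource
    mac: bytes = b""

    def body(self) -> bytes:
        return json.dumps({"key_id": self.key_id, "grant": self.grant_flags,
                           "deny": self.deny_flags}, sort_keys=True).encode()


def sign_update(msg: KeyUpdateMessage, update_secret: bytes) -> KeyUpdateMessage:
    """Key update server side (block 704): protect the message for one stored key."""
    msg.mac = _mac(update_secret, msg.body())
    return msg


class TEEConfigurationManager:
    """Device side (blocks 402-406): authenticate, then reconfigure only the addressed key."""

    def __init__(self) -> None:
        self.blobs: dict = {}
        self.update_secrets: dict = {}   # key_id -> per-key update secret (assumption)

    def install(self, blob: KeyBlob, update_secret: bytes) -> None:
        if not blob.verify():
            raise ValueError("key BLOB HMAC check failed")
        self.blobs[blob.key_id] = blob
        self.update_secrets[blob.key_id] = update_secret

    def has_access(self, key_id: str, resource: str) -> bool:
        return bool(self.blobs[key_id].tee_config.get(resource, False))

    def apply_update(self, msg: KeyUpdateMessage) -> bool:
        blob = self.blobs.get(msg.key_id)
        if blob is None:
            return False                                   # unknown key: ignore
        if not hmac.compare_digest(_mac(self.update_secrets[msg.key_id], msg.body()), msg.mac):
            return False                                   # authentication failed: no change
        if msg.grant_flags & msg.deny_flags:
            return False                                   # contradictory flags: reject whole message
        for resource, bit in RESOURCES.items():
            if msg.grant_flags & bit:
                blob.tee_config[resource] = True
            elif msg.deny_flags & bit:
                blob.tee_config[resource] = False
        blob.seal()        # re-protect the BLOB so the new configuration is covered by the HMAC
        return True


def demo():
    """HD example from the text: grant video output to the HD key only; SD key unchanged."""
    mgr = TEEConfigurationManager()
    hd = KeyBlob("hd_content", b"\x01" * 16, b"hd-cert", {"display": True, "video_output": False}).seal()
    sd = KeyBlob("sd_content", b"\x02" * 16, b"sd-cert", {"display": True, "video_output": False}).seal()
    mgr.install(hd, b"hd-update-secret")   # constructed per-key secrets
    mgr.install(sd, b"sd-update-secret")
    msg = sign_update(KeyUpdateMessage("hd_content", RESOURCES["video_output"], 0), b"hd-update-secret")
    return mgr, mgr.apply_update(msg)


if __name__ == "__main__":
    manager, accepted = demo()
    print("update accepted:", accepted)
    print("hd_content -> video_output:", manager.has_access("hd_content", "video_output"))
    print("sd_content -> video_output:", manager.has_access("sd_content", "video_output"))
```

The manager changes only the key the message is addressed to, so the SD key keeps its original configuration; a message whose MAC does not verify, or that both grants and denies the same resource, is rejected before any flag is applied; and the BLOB is re-sealed after the update so the new configuration stays integrity-protected at rest.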
- Many different embodiments have been disclosed herein and different applications/variations will be apparent to a skilled person having knowledge of the present disclosure. In the drawings and specification, there have been disclosed typical embodiments of the invention and, although specific terms are employed, they are used in a generic and descriptive sense only and not for purposes of limitation, the scope of the invention being set forth in the following claims. It would be understood that it would be unduly repetitious and obfuscating to literally describe and illustrate every combination and subcombination of these embodiments. Accordingly, the present specification, including the drawings, shall be construed to constitute a complete written description of all combination and subcombinations of the embodiments of the present invention described herein, and of the manner and process of making and using them, and shall support claims to any such combination or subcombination.
- In the specification, there have been disclosed embodiments of the invention and, although specific terms are employed, they are used in a generic and descriptive sense only and not for purposes of limitation.
Claims (20)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/296,885 US9264410B2 (en) | 2014-06-05 | 2014-06-05 | Dynamic configuration of trusted executed environment resources |
EP14819090.3A EP3152698B1 (en) | 2014-06-05 | 2014-11-27 | Dynamic configuration of trusted executed environment |
PCT/JP2014/005948 WO2015186162A1 (en) | 2014-06-05 | 2014-11-27 | Dynamic configuration of trusted executed environment |
CN201480079567.0A CN106415564B (en) | 2014-06-05 | 2014-11-27 | Mobile computing device, computing device, the method for configuring credible performing environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/296,885 US9264410B2 (en) | 2014-06-05 | 2014-06-05 | Dynamic configuration of trusted executed environment resources |
Publications (2)
Publication Number | Publication Date |
---|---|
US20150358301A1 true US20150358301A1 (en) | 2015-12-10 |
US9264410B2 US9264410B2 (en) | 2016-02-16 |
Family
ID=52146568
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/296,885 Active US9264410B2 (en) | 2014-06-05 | 2014-06-05 | Dynamic configuration of trusted executed environment resources |
Country Status (4)
Country | Link |
---|---|
US (1) | US9264410B2 (en) |
EP (1) | EP3152698B1 (en) |
CN (1) | CN106415564B (en) |
WO (1) | WO2015186162A1 (en) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160234176A1 (en) * | 2015-02-06 | 2016-08-11 | Samsung Electronics Co., Ltd. | Electronic device and data transmission method thereof |
US20160254904A1 (en) * | 2015-02-27 | 2016-09-01 | Verizon Patent And Licensing Inc. | Network services via trusted execution environment |
EP3242242A1 (en) * | 2016-05-06 | 2017-11-08 | BlackBerry Limited | Inter-workspace communications |
US10177910B2 (en) * | 2016-08-31 | 2019-01-08 | Microsoft Technology Licensing, Llc | Preserving protected secrets across a secure boot update |
WO2019206315A1 (en) * | 2018-04-28 | 2019-10-31 | Li Jinghai | System comprising tee and electronic signature system thereof |
CN111105777A (en) * | 2018-10-25 | 2020-05-05 | 阿里巴巴集团控股有限公司 | Voice data acquisition and playing method and device, key packet updating method and device and storage medium |
US20210165874A1 (en) * | 2018-04-27 | 2021-06-03 | Huawei Technologies Co., Ltd. | Construct General Trusted Application for a Plurality of Applications |
US20210218722A1 (en) * | 2017-11-01 | 2021-07-15 | Citrix Systems, Inc. | Dynamic crypto key management for mobility in a cloud environment |
US20210240801A1 (en) * | 2020-02-03 | 2021-08-05 | Arris Enterprises Llc | Digital rights management system resource manager |
US20210328779A1 (en) * | 2021-06-25 | 2021-10-21 | Intel Corporation | Method and apparatus for fast symmetric authentication and session key establishment |
EP3879783A4 (en) * | 2019-02-26 | 2021-12-22 | Advanced New Technologies Co., Ltd. | Data security processing method and terminal thereof, and server |
US11263318B2 (en) * | 2018-11-05 | 2022-03-01 | Red Hat, Inc. | Monitoring a process in a trusted execution environment to identify a resource starvation attack |
US11297100B2 (en) | 2019-01-14 | 2022-04-05 | Red Hat, Inc. | Concealed monitor communications from a task in a trusted execution environment |
US11336684B2 (en) * | 2019-06-07 | 2022-05-17 | Lookout, Inc. | Mobile device security using a secure execution context |
US11475140B1 (en) * | 2020-11-24 | 2022-10-18 | Amazon Technologies, Inc. | Enclave-based cryptography services in edge computing environments |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105700876B (en) * | 2016-01-05 | 2017-07-21 | 腾讯科技(深圳)有限公司 | Mode of operation amending method and device |
JP2018007215A (en) * | 2016-07-08 | 2018-01-11 | キヤノン株式会社 | Information processing device, control method thereof, and program |
CN106909851A (en) * | 2017-02-27 | 2017-06-30 | 努比亚技术有限公司 | A kind of secure storage method of data and device |
US10528749B2 (en) * | 2017-03-20 | 2020-01-07 | Huawei Technologies Co., Ltd. | Methods and apparatus for containerized secure computing resources |
CN107274183B (en) * | 2017-03-21 | 2020-05-22 | 中国银联股份有限公司 | Transaction verification method and system |
CN107465504A (en) * | 2017-08-15 | 2017-12-12 | 上海与德科技有限公司 | A kind of method and device for improving key safety |
CN109491712B (en) * | 2018-11-01 | 2021-09-10 | 北京京航计算通讯研究所 | Trusted boot method suitable for VxWorks environment |
EP3720039A1 (en) * | 2019-04-05 | 2020-10-07 | Siemens Aktiengesellschaft | Method for configuring a security module comprising at least one derived key |
US20210350020A1 (en) * | 2020-05-10 | 2021-11-11 | Eiko Onishi | De-identified Identity Proofing Methods and Systems |
CN113268742B (en) * | 2021-04-07 | 2022-05-24 | 支付宝(杭州)信息技术有限公司 | Data authorization method and device and electronic equipment |
CN113821821B (en) * | 2021-11-24 | 2022-02-15 | 飞腾信息技术有限公司 | Security architecture system, cryptographic operation method of security architecture system and computing device |
CN116049812B (en) * | 2022-06-28 | 2023-10-20 | 荣耀终端有限公司 | Method for accessing hardware resources and electronic equipment |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105072088A (en) * | 2010-01-22 | 2015-11-18 | 交互数字专利控股公司 | Method and apparatus for trusted federated identity management and data access authorization |
US9369867B2 (en) | 2012-06-29 | 2016-06-14 | Intel Corporation | Mobile platform software update with secure authentication |
US9591488B2 (en) | 2012-09-11 | 2017-03-07 | Giesecke & Devrient Gmbh | Contents management for mobile station having runtime environment |
US8959331B2 (en) | 2012-11-19 | 2015-02-17 | At&T Intellectual Property I, Lp | Systems for provisioning universal integrated circuit cards |
US8984592B1 (en) * | 2013-03-15 | 2015-03-17 | Sprint Communications Company L.P. | Enablement of a trusted security zone authentication for remote mobile device management systems and methods |
CN103793815B (en) * | 2014-01-23 | 2017-01-11 | 武汉天喻信息产业股份有限公司 | Mobile intelligent terminal acquirer system and method suitable for bank cards and business cards |
2014
- 2014-06-05 US US14/296,885 patent/US9264410B2/en active Active
- 2014-11-27 CN CN201480079567.0A patent/CN106415564B/en active Active
- 2014-11-27 WO PCT/JP2014/005948 patent/WO2015186162A1/en active Application Filing
- 2014-11-27 EP EP14819090.3A patent/EP3152698B1/en active Active
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160234176A1 (en) * | 2015-02-06 | 2016-08-11 | Samsung Electronics Co., Ltd. | Electronic device and data transmission method thereof |
US20160254904A1 (en) * | 2015-02-27 | 2016-09-01 | Verizon Patent And Licensing Inc. | Network services via trusted execution environment |
US9722775B2 (en) * | 2015-02-27 | 2017-08-01 | Verizon Patent And Licensing Inc. | Network services via trusted execution environment |
EP3242242A1 (en) * | 2016-05-06 | 2017-11-08 | BlackBerry Limited | Inter-workspace communications |
US10326603B2 (en) | 2016-05-06 | 2019-06-18 | Blackberry Limited | Inter-workspace communications |
US10177910B2 (en) * | 2016-08-31 | 2019-01-08 | Microsoft Technology Licensing, Llc | Preserving protected secrets across a secure boot update |
US20210218722A1 (en) * | 2017-11-01 | 2021-07-15 | Citrix Systems, Inc. | Dynamic crypto key management for mobility in a cloud environment |
US11627120B2 (en) * | 2017-11-01 | 2023-04-11 | Citrix Systems, Inc. | Dynamic crypto key management for mobility in a cloud environment |
US20210165874A1 (en) * | 2018-04-27 | 2021-06-03 | Huawei Technologies Co., Ltd. | Construct General Trusted Application for a Plurality of Applications |
US11734416B2 (en) * | 2018-04-27 | 2023-08-22 | Huawei Technologies Co., Ltd. | Construct general trusted application for a plurality of applications |
WO2019206315A1 (en) * | 2018-04-28 | 2019-10-31 | Li Jinghai | System comprising tee and electronic signature system thereof |
CN111105777A (en) * | 2018-10-25 | 2020-05-05 | 阿里巴巴集团控股有限公司 | Voice data acquisition and playing method and device, key packet updating method and device and storage medium |
US11263318B2 (en) * | 2018-11-05 | 2022-03-01 | Red Hat, Inc. | Monitoring a process in a trusted execution environment to identify a resource starvation attack |
US11297100B2 (en) | 2019-01-14 | 2022-04-05 | Red Hat, Inc. | Concealed monitor communications from a task in a trusted execution environment |
US11251976B2 (en) | 2019-02-26 | 2022-02-15 | Advanced New Technologies Co., Ltd. | Data security processing method and terminal thereof, and server |
EP3879783A4 (en) * | 2019-02-26 | 2021-12-22 | Advanced New Technologies Co., Ltd. | Data security processing method and terminal thereof, and server |
US11336684B2 (en) * | 2019-06-07 | 2022-05-17 | Lookout, Inc. | Mobile device security using a secure execution context |
US20220239692A1 (en) * | 2019-06-07 | 2022-07-28 | Lookout Inc. | Improving Mobile Device Security Using A Secure Execution Context |
US20210240801A1 (en) * | 2020-02-03 | 2021-08-05 | Arris Enterprises Llc | Digital rights management system resource manager |
US11475140B1 (en) * | 2020-11-24 | 2022-10-18 | Amazon Technologies, Inc. | Enclave-based cryptography services in edge computing environments |
US11768948B1 (en) | 2020-11-24 | 2023-09-26 | Amazon Technologies, Inc. | Enclave-based cryptography services in edge computing environments |
US20210328779A1 (en) * | 2021-06-25 | 2021-10-21 | Intel Corporation | Method and apparatus for fast symmetric authentication and session key establishment |
Also Published As
Publication number | Publication date |
---|---|
US9264410B2 (en) | 2016-02-16 |
EP3152698A1 (en) | 2017-04-12 |
CN106415564A (en) | 2017-02-15 |
EP3152698B1 (en) | 2019-07-24 |
WO2015186162A1 (en) | 2015-12-10 |
CN106415564B (en) | 2019-06-28 |
Similar Documents
Publication | Title |
---|---|
US9264410B2 (en) | Dynamic configuration of trusted executed environment resources |
TWI709056B (en) | Firmware upgrade method and device |
US9485230B2 (en) | Efficient key generator for distribution of sensitive material from multiple application service providers to a secure element such as a universal integrated circuit card (UICC) |
JP6262278B2 (en) | Method and apparatus for storage and computation of access control client |
US8600060B2 (en) | Telecommunications device security |
US8898459B2 (en) | Policy configuration for mobile device applications |
US10735200B2 (en) | Methods and systems for key generation |
US11240007B1 (en) | Using secure enclaves for decryption in unsecured locations |
US20160070656A1 (en) | Write protection management systems |
US20070118880A1 (en) | Mobile security system and method |
US10474454B2 (en) | System and method for updating a trusted application (TA) on a device |
KR102281782B1 (en) | Method and apparatus for managing an application of a terminal remotely in a wireless communication system |
US20130073840A1 (en) | Apparatus and method for generating and managing an encryption key |
EP3048553B1 (en) | Method for distributing applets, and entities for distributing applets |
WO2019226510A1 (en) | Methods and systems for multiple independent roots of trust |
US20180144142A1 (en) | Secure Data Protection and Encryption Techniques for Computing Devices and Information Storage |
US11171786B1 (en) | Chained trusted platform modules (TPMs) as a secure bus for pre-placement of device capabilities |
CN110476432B (en) | Protection of monitoring media |
US11847237B1 (en) | Secure data protection and encryption techniques for computing devices and information storage |
US20240095328A1 (en) | Systems and methods for running multiple logical secure elements on the same secure hardware |
US20160239669A1 (en) | User Terminal And Method For Protecting Core Codes Of Applications Using The Same |
US20240098095A1 (en) | Access control systems and methods for logical secure elements running on the same secure hardware |
CN113177199A (en) | Data processing method and device |
Legal Events
Code | Title | Description |
---|---|---|
AS | Assignment | Owner name: SONY CORPORATION, JAPAN. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNORS: DALBEHERA, PRAVAT; ANDERSSON, STEFAN; VARSHNEY, RIMPU; AND OTHERS; SIGNING DATES FROM 20140702 TO 20140714; REEL/FRAME: 033310/0500 |
STCF | Information on status: patent grant | Free format text: PATENTED CASE |
AS | Assignment | Owner name: SONY MOBILE COMMUNICATIONS INC., JAPAN. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNOR: SONY CORPORATION; REEL/FRAME: 038542/0224. Effective date: 20160414 |
AS | Assignment | Owner name: SONY CORPORATION, JAPAN. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNOR: SONY MOBILE COMMUNICATIONS, INC.; REEL/FRAME: 048691/0134. Effective date: 20190325 |
MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY. Year of fee payment: 4 |
MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY. Year of fee payment: 8 |